
Somedavinciserver.com

Posted: November 17, 2011

Somedavinciserver.com is a minor variant of a typical browser-hijacking scam that redirects victims from safe search engines to link farms, fake search engines and advertisement-crammed websites. Browser hijackers for Somedavinciserver.com may redirect you straight to Somedavinciserver.com, but SpywareRemove.com malware researchers have also noted browser redirect attacks that merely use Somedavinciserver.com as a go-between before redirecting the browser on to other irrelevant websites. If your browser comes into direct or indirect contact with Somedavinciserver.com, the chances are very high that your PC is infected with a ZeroAccess rootkit or another form of browser hijacker. To stop these attacks and keep Somedavinciserver.com from appearing in your searches, you only need to use a competent anti-malware application along with basic safety measures to remove the offending rootkit.

Somedavinciserver.com – a New Name for a Seasoned Browser-Hijacking Trick

Somedavinciserver.com uses a very simple scam that first infects a given PC with a browser-hijacking Trojan or rootkit (such as the infamous ZeroAccess rootkit) and then redirects the computer's web browser to Somedavinciserver.com or Somedavinciserver.com affiliates. This can earn Somedavinciserver.com's webmasters pay-per-click revenue from the artificial traffic and, as a coincidental side effect, deprives you of control over your web browser. Browser hijackers for Somedavinciserver.com may infect your PC in a variety of ways, with the most common methods being drive-by-download scripts from hostile sites and infected .exe files that are distributed over file-sharing networks.

Other sites that are affiliated with Somedavinciserver.com include Xa.com and Neatdavinciserver.com, both of which also specialize in providing irrelevant and potentially dangerous content instead of relevant links. Browser hijackers may redirect you to any one of these three websites, or use them as go-betweens before redirecting you to one of their other affiliates, which should be treated as just as dangerous as Somedavinciserver.com itself.

Why Somedavinciserver.com's Search-Interfering Presence isn't Hard to Catch

SpywareRemove.com malware researchers have noted the following symptoms of Somedavinciserver.com redirect attacks. These symptoms indicate that your PC is already infected with some form of browser hijacker, which may also be capable of other attacks (such as creating security backdoors):

  • Being redirected to Somedavinciserver.com or a related site after you attempt to use a search engine website (such as Google or Bing).
  • Seeing Somedavinciserver.com as your default home page.
  • Issues with your web browser settings (such as having the settings change as soon as you close and reopen your browser).

Although browser hijackers that are affiliated with Somedavinciserver.com may attempt to block your anti-malware programs, removing rootkits and similar forms of PC threats by manual methods isn't recommended. Instead, SpywareRemove.com malware analysts encourage you to use Safe Mode and other tactics that can disable the infection before you scan your PC. Afterwards, avoiding any contact with Somedavinciserver.com is also important, since Somedavinciserver.com may exploit drive-by-download scripts to reinfect your PC.

Technical Details

File System Modifications

Tutorials: If you wish to learn how to remove malware components manually, you can read the tutorials on how to find malware, kill unwanted processes, remove malicious DLLs and delete other harmful files. Always be sure to back up your PC before making any changes.

The following files were created in the system:

  • %Windows%\system32\svchost.exe (File type: Executable File; Mime Type: unknown/exe)
  • %Windows%\system32\consrv.dll (File type: Dynamic link library; Mime Type: unknown/dll)
  • %Windows%\system32\DRIVERS\mrxsmb.sys (File type: System file; Mime Type: unknown/sys)

Registry Modifications

The following Registry values were newly created:

HKEY..\..\..\..{Subkeys}
HKLM\SOFTWARE\Microsoft\Windows Search\Gather\Windows\System Index\Crawls\ll@IsCatalogLevel 0
SubSystems: Windows = basesrv,1 winsrv:UserServerDllInitialization,3 consrv:ConServerDllInitialization,2 sxssrv,4
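
The SubSystems value above names a consrv module, which corresponds to the consrv.dll file listed under File System Modifications. As an added example (not code from SpywareRemove.com), the Python below parses such a value and flags server DLL entries that fall outside a baseline; the baseline set, the function names and the handling of a `ServerDll=` token prefix are assumptions.

```python
import re

# Base names of the files the page lists as created on the system.
LISTED_FILES = {"svchost.exe", "consrv.dll", "mrxsmb.sys"}

# Assumed baseline of expected server DLL modules (an assumption, not from the
# page); replace with the entries from a known-clean machine.
BASELINE_MODULES = {"basesrv", "winsrv", "sxssrv"}

# One entry: module[:InitRoutine],index
ENTRY = re.compile(r"([A-Za-z_]\w*)(?::([A-Za-z_]\w*))?,(\d+)")

# Value exactly as printed in the Registry Modifications section.
PAGE_VALUE = ("basesrv,1 winsrv:UserServerDllInitialization,3 "
              "consrv:ConServerDllInitialization,2 sxssrv,4")


def parse_server_dlls(value):
    """Return (module, init_routine or None, index) for each server DLL entry."""
    entries = []
    for token in value.split():
        key, sep, rest = token.partition("=")
        if sep:
            # key=value token: only ServerDll=... carries an entry.
            if key.lower() != "serverdll":
                continue
            token = rest
        match = ENTRY.fullmatch(token)
        if match:
            module, init, index = match.groups()
            entries.append((module.lower(), init, int(index)))
    return entries


def audit(value):
    """Flag entries whose module is outside the assumed baseline."""
    findings = []
    for module, init, index in parse_server_dlls(value):
        if module not in BASELINE_MODULES:
            findings.append({
                "module": module, "init": init, "index": index,
                "matches_listed_file": module + ".dll" in LISTED_FILES,
            })
    return findings


if __name__ == "__main__":
    for finding in audit(PAGE_VALUE):
        print(finding)
```

A finding with `matches_listed_file` set to true means the flagged module has the same base name as one of the files listed above, which is the case for consrv.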